Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

Baron Discovery Fund highlights a new position in JFrog Ltd. as a leader in binary management. Read the Q4 2025 report for ...

A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers ...

How modern infostealers target macOS systems, leverage Python‑based stealers, and abuse trusted platforms and utilities to ...

Anthropic's Claude AI autonomously discovered 500+ critical vulnerabilities in popular open-source software using only basic ...

The threat situation in the software supply chain is intensifying. Securing it belongs at the top of the CISO’s agenda.

Attackers recently leveraged LLMs to exploit a React2Shell vulnerability and opened the door to low-skill operators and calling traditional indicators into question.

Blockchain analytics company Chainalysis has rolled out a new automation feature aimed at broadening access to onchain investigative and compliance tools beyond technical users. The feature, called ...

Microsoft details a new ClickFix variant abusing DNS nslookup commands to stage malware, enabling stealthy payload delivery ...

This case study examines how vulnerabilities in AI frameworks and orchestration layers can introduce supply chain risk. Using ...

UpGuard, a leader in cybersecurity and risk management, released new research highlighting a critical security vulnerability within developer workflows. UpGuard's analysis of more than 18,000 AI agent ...